Runtime extension
With PTV5 maintenance release 3 (Firmware 5.50.3), the runtime extension of secunet connectors is possible.
Connectors with certificates issued before 01/01/2021 can be equipped with a runtime extension (LZV) until 12/31/2025 via software update - regardless of whether they are set up with ECC or RSA keys. No change of the public key is necessary. The new runtime-extended certificates are then stored in the secure memory of the connector, and no longer on the gSMC-k.
Connectors with certificates that were personalized after 01.01.2021 have a validity until the end of 2025 due to the 5-year regulation from the factory. If it turns out in the future that these connectors also require a new certificate, this will be decided and prepared by gematik in good time.
Background
The security of the connectors is based on the cryptography of a smart card, the so-called gSMC-K.
These gSMC-K, which are permanently installed in the connectors, are personalized with TI certificates at the time of hardware production. According to gematik and BSI specifications, the component certificates may be valid for a maximum of five years from the time of retrieval. As a result, the connectors have a maximum service life of five years.
The first connectors from secunet for online productive operation were produced at the end of November 2018. Thus, their certificates expire by the end of 2023 and become invalid as a result. After the certificates expire, the essential functions of the connector are no longer available.
Connectors with expired certificates must either be replaced with new connectors or equipped with new valid certificates as part of the "runtime extension".
Write to us via the contact form. We are happy to help.